<?php
/**
 * Created by PhpStorm.
 * User: 宇
 * Date: 2016/9/23
 * Time: 9:04
 */
namespace app\common\controller;
use think\Controller;

class Index extends Controller
{
    /*
     *Remove JS/css/IFRAME/FRAME 过滤JS/css/IFRAME/FRAME/XSS等恶意攻击代码(可安全使用)
     * Return string
     * 静态调用
    */
    public static function validateInput($input)
    {
        $input=trim($input);
        $input=preg_replace('/\0+/', '', $input);
        $input=preg_replace('/(\\\\0)+/', '', $input);
        $input=preg_replace('#(&\#*\w+)[\x00-\x20]+;#u',"\\1;",$input);
        $input=preg_replace('#(&\#x*)([0-9A-F]+);*#iu',"\\1\\2;",$input);
        $input=preg_replace("/%u0([a-z0-9]{3})/i", "&#x\\1;", $input);
        $input=preg_replace("/%([a-z0-9]{2})/i", "&#x\\1;", $input);
        $input=str_replace(array('<?','?>'),array('<?','?>'),$input);
        $input=preg_replace('#\t+#',' ',$input);
        $scripts=array('javascript','vbscript','script','applet','alert','document','write','cookie','window');
        foreach($scripts as $script){
            $temp_str="";
            for($i=0;$i<strlen($script);$i++){
                $temp_str.=substr($script,$i,1)."\s*";
            }
            $temp_str=substr($temp_str,0,-3);
            $input=preg_replace('#'.$temp_str.'#s',$script,$input);
            $input=preg_replace('#'.ucfirst($temp_str).'#s',ucfirst($script),$input);
        }
        $input=preg_replace("#<a.+?href=.*?(alert\(|alert&\#40;|javascript\:|window\.|document\.|\.cookie|<script|<xss).*?\>.*?</a>#si", "", $input);
        $input=preg_replace("#<img.+?src=.*?(alert\(|alert&\#40;|javascript\:|window\.|document\.|\.cookie|<script|<xss).*?\>#si", "", $input);
        $input=preg_replace("#<(script|xss).*?\>#si", "<\\1>", $input);
        $input=preg_replace('#(<[^>]*?)(onblur|onchange|onclick|onfocus|onload|onmouseover|onmouseup|onmousedown|onselect|onsubmit|onunload|onkeypress|onkeydown|onkeyup|onresize)[^>]*>#is',"\\1>",$input);
        $input=preg_replace('#<(/*\s*)(alert|applet|basefont|base|behavior|bgsound|blink|body|embed|expression|form|frameset|frame|head|html|ilayer|iframe|input|layer|link|meta|object|plaintext|style|script|textarea|title|xml|xss)([^>]*)>#is', "<\\1\\2\\3>", $input);
        $input=preg_replace('#<(/*\s*)(alert|applet|basefont|base|behavior|bgsound|blink|body|expression|form|frameset|frame|head|html|ilayer|iframe|input|layer|link|meta|object|plaintext|style|script|textarea|title|xml|xss)([^>]*)>#is', "<\\1\\2\\3>", $input);
        $input=preg_replace('#(alert|cmd|passthru|eval|exec|system|fopen|fsockopen|file|file_get_contents|readfile|unlink)(\s*)\((.*?)\)#si', "\\1\\2(\\3)", $input);
        $bad=array(
            'document.cookie'	=> '',
            'document.write'	=> '',
            'window.location'	=> '',
            "javascript\s*:"	=> '',
            "Redirect\s+302"	=> '',
            '<!--'				=> '<!--',
            '-->'				=> '-->'
        );
        foreach ($bad as $key=>$val){
            $input=preg_replace("#".$key."#i",$val,$input);
        }
        //过滤敏感html标签
        $input = htmlspecialchars($input);
        return	$input;
    }
}